I'm seeing these error messages in my SonicWall firewall (SonicOS Enhanced 6.2.7.1-23n):

Ethernet Header
Ether Type: IP(0x800), ......
IP Packet Header
IP Type: UDP(0x11), Src=..., Dst=...
UDP Packet Header
Src=[5060], Dst=[5060], Checksum=0x416c, Message Length=991 bytes
Application Header
Not Known: 
Value:[1]
DROPPED, Drop Code: 702(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _1857_rqnke{Ejgem) 4:3)

I've googled the heck out of all combinations, but I can't seem to find what this is. I see a max of 404 code, and no explanation of how to trace this drop to the policy. What's more mysterious (this is SIP protocol), it allows the first exchange to establish the call, but it blocks any packets after that, like a re-INVITE when the timeout is approaching, or a BYE when the other party hangs up.

Any pointers would be greatly appreciated!

Sergey
  • I had this error, my traffic was going through a VPN tunnel and in my case, it was monitoring through SNMP. I had to go to the VPN tunnel and check the box to allow SNMP and it started working. Hopefully that points you in the right direction. – Nixphoe Mar 22 '18 at 15:13
  • Sergey did you ever find resolution to this? I'm having a similar mysterious issue, although my drop code is 583 (with the same descriptor). – Jeff Miles Mar 23 '18 at 21:32
  • @JeffMiles Unfortunately no, I couldn't. But my problem was that I had a typo in the IP address to white list on firewall rules. I still didn't understand which rule was triggering this, but I suspect it was something related to generic threat prevention rules. – Sergey Mar 27 '18 at 14:55
  • My problem was solved by opening the firewall rule properties, and clicking "Ok" without any changes - Sonicwall somehow re-applied the rule and allowed the traffic through. – Jeff Miles Mar 28 '18 at 17:28

1 Answer

Holy thread revive... Leaving this in case others come across this issue in the future.

I saw this when setting up a remote client with SSLVPN. Set ALL allow from SSLVPN to LAN subnets. Client side would connect but would pass no traffic. Packet capture showed the same drop message. After wiping and reconfiguring, the SSLVPN traffic was able to pass. As I continued to configure, once I got to the wireless setup (1 production, 1 guest), the issues returned when I bridged the onboard wireless interface to the LAN interface. Everything was working before bridging the connection; shortly after bridging, packets started dropping with this error message. I resolved it by changing the wireless interface from bridged to a static IP on a separate subnet and allowing that traffic back on the production LAN. May also be able to resolve with a firewall rule between SSLVPN and WLAN.